Allows me to ping xxxx::1 just fine. When I do a ping6 ipv6.google.com I get destination unreachable. Same thing when I try to ping the name server 2001:470:20::2. Did I miss something or is there something more that I need to run other than these commands?

It seems that I can't get to the other side of the tunnel.

The firewall itself is a little more complicated. Under CentOS I have multiple interfaces that are bridged (eth0 and eth1) and another interface for the private lan eth2. I now have sit0 as the tunnel and sit1 as the ipv6 address.

With that said, if I want to add a machine on the bridge network to have access to the IPV6 through the tunnel, how do I assign the addresses? Do I need to break the /64 down further for my two seperate network segments?

If anyone could toss me a config sample on this type of scenario I would greatly appreciate it. I've been reading the http://tldp.org/HOWTO/html_single/Linux+IPv6-HOWTO guide and it has some useful information but nothing that touches this specific scenario.

So, removing the ::/0 from all interfaces other than sit1, I can now ping ipv6.google.com. So the next question would be how do I get something on my bridge to be able to talk to the IPV6? Do I add one of the IPV6 addresses from the pool to the bridge or do I need to do something different (like assign the /64 to the bridge and not sit1)?

As a follow up, I requested the /48 network. I have also discovered that VMWare doesn't seem to be passing IP's across from one physical server to another. That'a a different problem though. All of the servers for this test are on the same physical VMWare server.

So, now that I have a /48 and a /64, what do I need to do in order to route DMZ and private LAN via IPV6 and where given:

Thanks for the follow up. I did verify that the firewall IP is the client ID assigned from HE and not the /64 network. I assigned the /64 network to the DMZ range and I can traceroute -s from the DMZ IP. I have assigned one of the /64's to a machine inside the DMZ and I can ping the /64 assigned range, the /64 client router IP but that's where it stops. I've forwarded my config over to the HE team for follow up.

The sit0/sit1 is the exact config generated from tunnelbroker script generator. I'm willing to try it any way that works.

Here is some detailed information. On the firewall eth0 + eth1 = br0, eth2 is the private land and eth3 is a data lan. I have yet to put any IPV6's on those lans, but they too will have a /64 of the /48 when the time comes. I have also enabled forwarding in /proc/sys/net/ipv6/conf/all/forwarding. In iptables, the first two rules for both forward and input are to allow -p IPV6 and -p IPV6-ICMP.